Attention: IT has Moved to Cloud.

Why Hasn’t Security?

IT has moved out of the enterprise data center and into the cloud. Employees work from anywhere and access business data using personal devices such as tablets, phones, and laptops as BYOD is becoming more widely adopted. While the technology to support this new way to work has evolved, security protocols haven’t kept up and legacy network security vendors are scrambling to find an answer to this increasing trend.

Fear Not! There is a new solution to this called CASB or Cloud Access Security Broker.

ManagedMethods is a Cloud-Native CASB vendor. What does Cloud-Native mean? It means we reside in the cloud and we use cloud-to- cloud connections, otherwise known as APIs or Application Programming Interfaces. An API is a simple and secure way for cloud applications to connect to each other. APIs are seamless, without requirements for cumbersome proxies or web gateways, and without the need to install agents on employee devices.

Risky User Behaviors in the CloudToday’s employees must be able to access data wherever they are, regardless of which device they are using. However, just as the technology that enables users to access data has changed significantly, so have risky user behaviors. These can be broadly classified as:

Accidental access to information

Accidental insider behavior

Malicious insider behavior.

There is also the “Compromised Insider” where user credentials are compromised by a hacker who pretends to be a legitimate user in the organization.

Security Hasn’t Kept Up with Technology
While the technology landscape has changed, we don’t think security has evolved enough to help organizations make this shift. Organizations have been spending millions on threat-centric/defensive security products, which makes companies reactive instead of proactive. There’s a lot of investment going into securing the non-existent security perimeter.

For many years users were constrained by IT. But with the advent of cloud apps, users were able to circumvent IT and use apps without IT’s knowledge. This is the known as Shadow IT. In the beginning, organizations blocked any cloud app use, but at some point, they had to adopt and embrace it since it became a business enabler.

As an example, consider cloud apps like Google G Suite or Office 365 and OneDrive. Both are popular in the business world and use is increasing daily. Employees collaborate, store and access data through these apps every day and they are the core of business communication. When that communication is broken or compromised by a security crisis as we have seen recently with the Google OAuth phishing attacks, people take notice and become concerned about their data.

This is why the CASB wave is quickly gaining momentum and legacy security vendors and methods must evolve to work the way employees and companies work today.

The data center and applications have already moved to the cloud. Shouldn’t security move too? With a cloud-native API approach, we here at ManagedMethods believe that we can help organizations move securely to the cloud.